Research Papers

Security Analytics with Big Data

By Adrian Lane

Big data is touted as a ‘transformative’ technology for security event analysis – with promises that it will detect threats in the ever-increasing volume of event data generated from in-house, mobile, and cloud-based services. We hear big data will do more, do it better, and cost less. IT and security personnel, having seen this type of hyperbole many times, are justifiably skeptical: we have been promised rainbows and flying unicorns before. The combination of industry hype, vendor positioning, and general confusion in the press about the meaning of big data make seasoned security folks all the more wary. But big data’s hype is not just hot air – it genuinely addresses fundamental scalability and detection problems that can cripple current analytics systems. Big data is a huge step forward.

To address the questions we received from end users, this research paper covers four main topics:

Describe what security analytics with big data is and what it looks like

Discuss how it is different than past tools and platforms

Discuss the main use cases

What type of solution would be right for you

If you are going to “roll your own” big data security analytics cluster, this research provides a sample of what other firms are doing, architectures they use, and the underlying components they leverage to support their work. It will help you understand what types of data you probably already have at your disposal, and what observations you can derive from it.

If you are looking to acquire a big data analytics solution this research will help you understand potential risks in realizing your investment and help with rollout and integration.

We hope you find this information helpful, and as always please ask questions or provide feedback on the blog.

Contact

About

Securosis is an information security research and advisory firm dedicated to transparency, objectivity, and quality. We are totally obsessed with improving the practice of information security. Our job is to save you money and help you do your job better and faster by helping you cut through the noise and providing clear, actionable, pragmatic advice on securing your organization.